Cross-Site Scripting Vulnerability in Microsoft Lync Server 2013
CVE-2015-2532

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync Server
Vendor: CVE Published:; 9 September 2015

Summary

A cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 enables remote attackers to inject arbitrary web scripts or HTML through carefully crafted URLs. This security flaw could be exploited to steal sensitive information or execute unauthorized actions on behalf of users, leading to potential data exposure and compromise of user accounts.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1033497

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 9, 2015
Vulnerability Reserved
Mar 19, 2015